Solved: Just a follow up question

CODNetadmin · ‎04-12-2016

Hi All,

Just want to verify if our planned upgrade of ASA will not cause any trouble during the procedure.

Hardware: ASA5525-X

Existing IOS: 9.1.2

Upgrade to: 9.4.2(11)

Setup: Active Standby

We plan to upgrade the standby first, after this, Is the Standby still going to take over after we force a failover to it so that we can then upgrade the Primary Firewall.

Many thanks!

Marvin Rhoads · ‎04-12-2016

Yes, that's the process. I've done it many times it it works perfectly when you follow the documented procedure.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/111867-asa-failover-upgrade.html#actstand

View solution in original post

Marvin Rhoads · ‎04-12-2016

Yes, that's the process. I've done it many times it it works perfectly when you follow the documented procedure.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/111867-asa-failover-upgrade.html#actstand

CODNetadmin · ‎04-12-2016

Just a follow up question Marvin, does that mean that when i upgraded the Standby and I switchover to the upgraded standby, is it going to be a seamless failover (sessions maintained)? Or will it have a quick downtime due to the sessions dropped.

Thanks!

Marvin Rhoads · ‎04-13-2016

If you do not have stateful failover configured, individual TCP connections will have to be re-established. If a given application is sensitive to that, a small impact may be noticed. Most end user traffic (web browsing, email etc) generally recovers seamlessly to such an interruption. With stateful failover even that small interruption does not happen.

Ve Con · ‎02-17-2017

Thanks so much, Marvin!

CODNetadmin · ‎04-12-2016

Thanks Marvin! This is very helpful.

ASA Upgrade (Active-Standby) Procedure